General resources:
- Schema Definition Reference
- Bicep Language Specification (incl. operators and functions)
- Official Best Practices
- Visual Studio Code Extension for Bicep (including graphical visualization)
Service(s) | Level | Architecture | Problem / Solution | Related | Link |
---|---|---|---|---|---|
App Service (Function, Web App) | Resource Group | API for Client applications | Enforcing AAD-based user authentication | - | function-aad-authentication |
CDN | Resource Group | SPA | Provide SPA with CDN | - | setup-CDN-with-rule-for-SPA |
Activity Log | Subscription | - | Link Activity Log with Log Analytics Workspace for external analytics | - | activity-log-link-log-analytics-workspace |
App Service (Function, Web App) | Resource Group | - | Complete setup of ZIP-deployment to Storage Account. Includes Key Vault based settings and Application Insights | - | function-run-from-package-in-storage-account |
API Management, App Service (Function, Web App) | Resource Group | - | Complete setup of API Management for a Function including Open API schema definitions and injection of authentication key | - | function-api-management |
Data Factory | Resource Group | - | Backup all existing Storage Tables as CSV into Blob Storage & Restore manually placed CSV-files of specific Blob Container to according Storage Table | - | data-factory-backup-restore-storage-tables |
Data Factory | Resource Group | - | Ingest all usage details of current subscription to a Storage Table (ready for direct visualisation) | - | data-factory-usage-details-ingestion |
Action Group | Resource Group | - | Action Groups usable by multiple applications to notify fired alerts - to be provided centrally per organisation, department or other operations responsibles | Guideline Alerting Strategy | alerting-infra-organisation-level |
Action Group, Logic App | Resource Group | - | Action Group(s) and DevOps Handler/Connector on application level (but common for all modules and independent from environments) | Guideline Alerting Strategy | alerting-infra-application-level |
Alert Rule | Resource Group | - | Alert on manual changes to resources in Resource Group. Important: To have this data available, you need to connect Azure Activity Log to the according Log Analytics Workspace. | activity-log-link-log-analytics-workspace | alert-rule-tampering |
Alert Rule | Resource Group | PaaS Solutions (generic) | Bicep module with selection of standard Alert Rules for typical monitoring aspects, which can be easily integrated into any existing deployment setup | Guideline Alerting Strategy | alert-rules-standard-monitoring-aspects |
Application Insights | Resource Group | Connected resources with APIs | Application Insights Availabilty Test either of type Classic (URL Ping) or type Standard with according Metric Alert Rule | Guideline Alerting Strategy | appinsights-classic-standard-availability-test-with-alert-rule |
Cosmos DB | Resource Group | - | Cosmos DB API "Core SQL" including sample database & containers by choosing ideal capacity mode (serverless, autoscale, manual) based on parameters | Blueprint Analytics Platform | cosmos-db-coresql-select-capacity-mode |
Policy | Resource Group | - | Full-fledged example for assignment of a built-in policy requiring a managed identity and parameters to a resource group | - | policy-assignment-to-resource-group-with-param-and-identity |
Event Grid Topic | Resource Group | - | Event Grid (Custom Topic flavour) with subscription for a WebHook to consume filtered events dispatched from a Function (i.e. required connectivity configurations assigned in app-settings) | - | event-grid-with-webhook-and-publisher-function |
Function | Resource Group | Serverless | Function in regular Consumption plan (Y1) encounter a cold start behaviour which is not acceptable for some use cases. Premium plans (EP1, EP2, EP3) allow the configuration of always running instances which resolve this problem. | - | function-prewarmed-instance-in-premium-plan |
Resource Group | Resource Group | - | Assign tags to the current Resource Group (which is the scope of the deployment). Note: If you inherit tags on child resources, this may not properly work as the deployment order is not guaranteed. | - | tags-assigned-to-current-resource-group |
Defender for Cloud | Subscription | - | Configure service plan (i.e. activation of Azure Defender), security contact & email notfications and continous export of alert, assessment and score data to a Log Analytics Workspace | - | defender-configurations-for-subsription |
Key Vault | Resource Group | - | The access of Azure services to Key Vault configurations is typically established based on Managed Identities. Only one resource for Key Vault access policies can be provided in a deployment definition (as the resource name is predetermined). This snippet shows how to include conditionally deployed resources. | - | conditional-key-vault-access-policies |
SQL Database | Resource Group | - | The Azure SQL PaaS service has quite a big variety of service tiers and according configurations. This snippet provides the cheapest configuration which can be seriously used for productive applications. This configuration serves low usage / performance requirements, but can easily be scaled to mid-range use cases. It also includes the network configuration to allow access for all Azure services (e.g. App Service or Synapse). | - | dtu-based-sql-database-for-paas-solutions |
Storage Account | Resource Group | - | Lifecycle Management Rules to delete blobs or change their tiers | - | storage-account-lifecycle-management-rule |